Submitted by jean-paul on Sun, 03/26/2017 - 15:02
key hole image

Every time I read a story about breached or stolen accounts, like the one linked to below, I am reminded that not having a good solution for passwords can be devastating.

It's critical, especially for businesses, to have strong passwords, and that goes for anywhere the business operates. Online banking and domain registrars are obvious targets for hackers, but a strong password on those particular services is likely going to be less inconvenient than something more often accessed, and by more people, like email.

Almost every organization uses email, with each employee controlling one or more accounts. These accounts aren't only used for communication, but in many cases, they are used for direct (OAuth) or indirect (clicking a link in an email) authentication, allowing for "passwordless" authentication on many websites. The increased burdon on email means that it's even more important than ever to ensure it's secure, but the problem with strong passwords is that they can be much more difficult to remember. This is one of the reasons that we find ourselves in a situation where a shamefully significant percentage of people use passwords like "123456", "qwerty", and of course, "password". Do you use one of these?

One solution that many use is a password manager. These maintain a database of (hopefully) very strong passwords somewhere, whether on your own PC, or in the cloud. While keeping your passwords "in the cloud" may seem reckless, they are stored using strong encryption, and can be accompanied by additional protections like multi-factor authentication.

If you aren't willing to trust your passwords to an online service, another option could be the creation of "Shocking Nonsense" phrases, a term coined by Grady Ward. Shocking nonsense involves creating a sentence that isn't too difficult to remember, but would be very difficult to guess. Let's walk through a simple example. First, we'll create a sentence that uses most, if not all of the elements of a strong password, which are lower-case letters, upper-case letters, numbers, and special characters/symbols.

"Save us. All 42 hackers are trying to steal my ID!"

From that easily remembered sentence, we can create a much harder password:

"Su.A42hattsmID!" by only typing the first letter of each word. You can choose whichever letter you wish, of course!

One more example, but this time we'll include a way to reuse the sentence for different services. This method will probably make your passwords less secure, but if you're careful to not be too obvious, you can negate most of that risk.

This time, let's use the first and last letter of what we're trying to secure, and put them somewhere consistent. This could be as a part of the phrase, or just in a certain position.

Phrase: "1 moment; I am trying to remember my <service> password."

Google variant: "1m;IattrmGep."

Twitter variant: "1m;IattrmTrp."

Facebook variant: "1m;IattrmFkp."

Whatever method you choose, you should probably go and change your passwords now. Stay secure!